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^MARKS/ARGUMENTS 



1. rimnw 1-4. 7-30 , ™H 33-40 ate P^triite Over the Cited Art 

The Examiner maintained his rejection of claims 1-4, 7-30, and 33-40 as obvious (35 
U.S.C. §103) over Ananda (U.S. Patent No. 5,495,41 1) in view of Takahashi (U.S. Patent No. 
6,195,432). Applicants traverse for the following reasons. 

Amended independent claims 1, 16, and 27 concern distributing computer software from 
a first computer system, and require: A method for distributing computer software from a first 
computer system, comprising the first computer system performing: maintaining keys of 
computer systems authorized to access software to be distributed; receiving a request for 
software from a second computer system; generating a message; encrypting the generated 
message; transmitting the encrypted message to the second computer system; receiving an 
encrypted response from the second computer system; determining whether there is one 
maintained key for the second computer system capable of decrypting the received encrypted 
response; decrypting the encrypted response with the determined key if there is one determined 
key; determining whether the decrypted response includes a part of the generated message 
transmitted to the second computer system, wherein the second computer system is authorized to 
access the software if the decrypted response includes the part of the generated message and 
wherein the second computer system is not authorized to access the software if there is not one 
maintained key for the second computer system that is capable of decrypting the encrypted 
response or the decrypted response does not include the part of the generated message 
transmitted to the second computer system; and permitting the second computer system access to 
the software after determining that the second computer system is authorized to access the 
software. 

Applicants amended claims 1,16, and 27 to add the requirement of claims 4, 19, and 30 
of determining whether the decrypted response includes a part of the generated message 
transmitted to the second computer system, wherein the second computer system is authorized to 
access the software if the decrypted response includes the part of the generated message and that 
the second computer system is not authorized to access the software if the decrypted response 
does not include the part of the generated message transmitted to the second computer system. 
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In the Response to Arguments and other parts of the Six* Office Action, the Exami ner 
cited col 11, lines 45-60 and col. 12, lines 15-53 of Ananda. (Sixth Office Action, pgs. 2-3 and 
pgs. 4-5) A review of the cited Ananda reveals that Ananda is concerned with components in 
the user computer that process a message to determine whether access is authorized, not the 
central server. The cited col. 1 1 of Ananda mentions that the password generation module 321B 
generates a new authorization verification password that is stored as a function of the processor 
clock time. However, the cited password generation module 321E is part of the user computer 
102 (FIG. 2) because it is part of the header software 284A shown in FIG. 3, not part of the 
software distributing system. The user is the requestor of software, not the distributor. Ananda 
mentions that as shown in FIG. 2, the application software 284B is integrated with header 
software 284A, which comprises the rental application software 284. (CoL 9, lines 50 to col. 10, 
line 40). The rental security manager prepares and encrypts a message having information on 
the user (the user clock time, user ID password, and ID number of the application), which is sent 
to the multiuser controller 222 at the central facility that enables access to the software. 

Nowhere does this cited col. 1 1 of Ananda anywhere disclose the claim requirements that 
the rental manager or other related component, which is in the user computer, maintain keys for 
authorized computer systems of the software, where the keys are used to decrypt encrypted 
responses and that the second computer (user computer) is not authorized to access the software 
if there is not one maintained key for the second computer system that is capable of decrypting 
the encrypted response. Instead, the cited coL 1 1 of Ananda discusses how the user computer 
generates a message to send to the central facility 1 80. Because the cited col. 1 1 concerns 
operations of the user computer to generate an authorization verification password, nowhere does 
the cited col. 1 1 teach or suggest the claim requirements of maintaining keys for authorized users 
of the software, where the keys are used to decrypt responses to determine whether the second 
computer providing the response is authorized to use the software. 

Further, nowhere does the cited coL 1 1 of Ananda teach or suggest the added claim 
requirements of determining whether the decrypted response includes a part of the generated 
message transmitted to the second computer system. Instead, the cited col. 1 1 discusses how the 
user computer generates a message to send to the central facility, not the claim requirement of the 
first computer (central facility) authorizing access for the second computer by determining 

Page 14 of 21 

PAGE 19126 * RCVD AT 11/7/2005 11:50:27 PM [Eastern Standard rime] ■ SVR:USPTO-EFXRF-6/28 • DNIS:2738300 ■ CSID:3108397217 ' DURATION (mm-ss):08-00 



11/87/2005 20:48 3108397217 



DAVID VICTOR 



PAGE 20/ 26 



Serial No. 09/409,617 

Amdt. dated November 7, 2005 Docket No. TUC919990029US1 

Reply to Office action of July 6, 2005 Firm No qq x 8i0 056 

whether the decrypted response includes the pa* of the transmitted message, wherein the second 
computer system is authorized to access the software if the decrypted response includes the part 

of the generated message. 

The cited coL 1 2 of Ananda discusses how the multiuser controller 222, which is part of 
the database that distributes the software, generates and encrypts a new message, and sends the 
message to the user as part of an authorization verification process. The rental security manager 
321 in the user computer receives the message. The rental security manager 321 is part of the 
user computer because it is part of the header software 284A show in FIG. 3. The user computer 
decrypts the message and has a password validation module 321 that uses a password correlation 
algorithm to compare the message against stored information regarding the user processor clock 
time, ID, etc- When the correlation function is successful, authorization verification is complete 
and the header 320 in the user computer allows application software to execute. 

The cited col. 12 discusses how components in the user computer compare a message 
from the central facility to determine whether the application can continue to execute. This cited 
col. 12 does not disclose the added claim requirement of the first computer, as opposed to the 
second computer system requesting access to the software. Further, nowhere does the cited col. 
12 of Ananda teach or suggest the added claim requirements of determining whether the 
decrypted response includes the generated message transmitted to the second computer system. 
Instead, the cited col. 12 teaches away from this requirement because in the cited Ananda a 
component of the user computer, the rental security manager 321, determines whether access is 
authorized. 

Further, nowhere does the cited col, 12 anywhere disclose the claim requirement of 
maintaining keys for authorized computer systems of the software, where the keys are used to 
decrypt encrypted responses and that the second computer is not authorized to access the 
software if there is not one maintained key for the second computer system that is capable of 
decrypting the encrypted response, Instead, the cited col. 12 discusses how the user computer 
can correlate the content of a message with stored information to determine whether the 
application can start running. The cited col. 12 docs not that the distributor computer (claimed 
first computer) maintain keys to use to verify whether a user requesting access is authorized as 
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claimed. Instead, with the cited col- 12, the authorization is done at the user system, not at the 
central facility or distributor computer, i.e., first computer as claimed. . 

The Examiner further cited col. 10, lines 47-66 and col. 11, lines 22-24 of Takahashi 
teaefces the claim requirement of maintaining keys of authorized systems. (Sixth Office action, 
pg. 5) The claims require that the keys of the authorized systems are used to decrypt responses 
from an authorized customer system (second computer system) to check whether the response 
permits access, where access to the software is not permitted if there is not one key maintained 
for the second system. The cited cols. 10-1 1 of Takahashi mention that a user ^formation store 
has an ID and shared key for the customer. Takahashi mentions Ihe customer side sends the 
encrypted shared key to the store side. (Takahashi, col. 9, lines 1 8-25) The store side stores in 
the information storage unit Ihe ID, shared key, and credit card information assigned to 
customers. (Takahashi, col. 10, lines 64-68) 

Nowhere does the cited Takahashi teach or suggest the claim requirements that the cited 
shared key is used by the first computer system (distributor of the software) to decrypt a response 
from the second computer system (customer system), where the requesting customer is not 
authorized to access the software if there is not one maintained key capable of decrypting the 
response. Instead, according to Takahashi, the customer side uses the shared key 202 to generate 
a hash value 205 that is sent to the server with the product specifying data. The server side then 
has its own copy of theshared key 103 to obtain a server hash value 205\ and if the customer 
sent hash value 205 and server hash value 205* coincide, the order is proper and the software may 
be transmitted. (Takahashi, col. 11, line 61 to col. 12, line 52). Thus, according to Takahashi the 
cited hash value is not sent to the server side and used by the server to decrypt an encrypted 
response that is part of a request for software. Instead, the cited shared value is used to generate 
a hash value that the customer transmits with the product specifying data. (Takahashi, col. 12, 
lines 17-25). Nowhere does the cited Takahashi teach or suggest thai the shared value is used to 
decrypt a response from the customer side. 

Further, nowhere does the cited Takahashi anywhere teach or suggest the added claim 
requirements of determining whether the decrypted response includes the part of the generated 
message transmitted to the second computer system. Instead, the cited Takahashi discusses how 
both the server and user side calculate a hash value that is compared to determine whether the 
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customer can access the server. Nowhere does the cited Takahashi teach or suggest the added 
claim requirement of the first computer authorizing access for Ihe second computer by 
determining whether the decrypted response includes a part of an encrypted message the first 
computer previously sent to the second computer. 

Moreover, Ihe claims require processing the decrypted response to determine whether the 
customer (first computer) is permitted to access the software. Nowhere does the cited Takahashi 
teach processing a decrypted response to a message to determine whether access is permitted. 
Instead, the cited Takahashi compares a customer hash value 205 sent with a message with a 
server bash value 205' to determine whether access is permitted. 

Thus, the cited of Takahashi does not teach or suggest keys used by the distributor side 
(first computer system) to decrypt responses from the customer side (second computer system) to 
determine whether the decrypted response includes the generated message transmitted to the 
second computer system. Instead, the cited "shared key" of Takahashi is not used for decrypting 
responses as claimed and is instead used to generate a hash value sent with product specifying 
data. 

Thus, the cited Ananda and Takahashi, alone or in combination, do not teach or suggest , 
that the distributor side (first computer system) maintains keys from authorized computer 
systems (customers) to decrypt responses from the customer side (second computer system) to 
determine whether the decrypted response includes th e part of the previously sent message as 
part of determining whether the requesting customer system is permitted to access the software. 

For all the above reasons, the amended claims 1, 16, and 27 are patentable over the cited 
combination, because the cited references, alone or in combination, do not teach or suggest all 
the claim requirements. 

Claims 2-4, 8-11, 17-19, 21-24, 28-30, and 34-40 are patentable over the cited art because 
they depend, directly or indirectly, from one of claims 1, 16, and 27. Moreover, certain of these 
claims provide addi tional grounds of patentability over the cited art for the reasons discussed 
below. 

Amended claims 4, 19, and 30 depend from claims 1,16, and 27, respectively, and further 
require that generating the message further comprises generating a random component to include 
within the message, and wherein determining whether the decrypted response includes the 
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sensed menage comprises defining whetar me decrypt response inetades the random 
Applied amended these data to remove requirements added to me independent 

claims 1, 16, and 27. 

In the Response to Arguments, the Examiner cited the above discussed Ananda and 
Takahashi as teaching the additional requirements of these claims. (Sixth Office Action, pgs. 4-5) 
Applicants traverse. According to the cited Ananda, the multiuser controller 222 at the central 
facility generates an encrypted password that is sent to the rental security manager 321, which u 
part of the user computer, to decrypt and determine whether access is permitted. The rental 
security manager 321 is part of the header software 284a within the user computer. (Ananda, col. 

9, line 55 to col. 1 0, line 33, FIGs. 2 and 3). 

Nowhere does the cited Ananda anywhere disclose that the first computer generating the 
message generates a random component to include within the message and that the second 
computer determines whether the decrypted response includes the random component to 
determine whether to grant access to the computer software. Instead, with the cited Ananda, 
components in the user computer (i.e., the claimed second computer) determine whether access 
may continue, not the second computer which distributes the software. The cited Ananda does 
not have the central facility determine whether the user (second computer system) may access the 
software by checking whether the encrypted response has a random component the first 
computer system (central facility) previously sent as claimed. 

Accordingly, amended claims 4, 19, and 30 provide additional grounds of patentability 
over the cited art. 

Claims 8, 21, and 34 depend from claims 1, 16, and 27, respectively, and further require 
that processing the encrypted response further comprises determining whether a message 
included in the encrypted response matches the generated message, wherein the second computer 
is authorized to access the software if the message included in the encrypted response matches 
the generated message. 

The cited Ananda does not disclose that the first computer system (or central facility in 
Ananda) determines whether the message in the encrypted response from the second computer 
system matches the generated message the first computer system initially sent to the second 
computer system. Instead, the cited Ananda has the user computer system compare stored 
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information with a message from the central facility, likened to the first computer system, to 
determine whether access is permitted. Nowhere does the cited Ananda anywhere dtsclose that 
the central facility, likened to the first computer system, compare a message in an encrypted 
response from the user computer, likened to the second computer system, to determine whether it 
matches the generated message the central facility (first computer system) previously sent to the 
user computer (second computer system). Thus, the cited operations of Ananda are different 

from the claimed operations. 

Accordingly, claims 8, 21, and 34 provide additional grounds of patentability over the 

cited art. 

Amended independent claims 12 and 25 concern accessing computer software from a first 
computer system with a second computer system and require that the second computer system 
perform: providing a key to the first computer system, capable of decrypting an encrypted 
response from the from the second computer system.; transmitting a request for the software to 
the first computer system; receiving an encrypted message from the first computer system; 
processing the encrypted message to generate a response message including a part of the 
encrypted message; encrypting the response message, wherein the encrypted response message is 
capable of being decrypted by the provided key at the first computer system; transmitting the 
encrypted response message to the first computer system; and receiving access to the requested 
software in response to the encrypted response message. 

Applicants amended these claims to add the requirement that generating the response to 
the encrypted message comprises generting a message including a part of the encrypted m essage; 

In the Response to Arguments, the Examiner cited the same sections of Ananda and 
Takahashi against claims 12 and 25 that were cited against independent claims 1, 16, and 27. 
(Sixth Office Action, pgs. 4-5) 

The cited Ananda discusses how a user computer generates an authorization verification 
password and sends an encrypted message with various information to the central facility. A 
multi-user controller 22 at the central facility generates a message to send back to the user 
computer. The user computer header software then verifies the received message from the 
central facility with the stored authorization verification password- 
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Nowhere does the cited Ananda -ywhere teach or suggest the claim requirement of the 

response to the first computer including a part of the encrypted rnessage re,e,ve4 

computer that can be decrypted by the sent key at the distributor computer (first computer), and 

then receiving access to the requested software in response to the encrypted response message. 

The cited Takahashi discusses the shared key. As discussed above, the shared key of 
Takahashi is used to generate a hash code that the user computer sends to the distributor. 
Nowhere does the cited Takahashi teach or suggest that this shared key provtded to the 
distributor computer is used to encrypt a response message that is capable of being decrypted by 
the provided key at the distributor (first computer system) and that includes a part of the 
encrypted message received from the first computer. 

Accordingly, claims 12 and 25 are patentable over the cited Ananda and Takahashi 
because the cited art does not disclose all the claim requirements. 

Claims 13-1 5 and 26 are patentable over the cited art because they depend from claims 12 
and 25, respectively, which are patentable over the cited art for the reasons discussed above. 

Claims 38-40 are patentable over the cited art because they depend, directly or indirectly, 
from claim 26, which is patentable over the cited art for the reasons discussed above. 

2. Claims 5. 6. 31 ™H 32 are Pa tentable Over the Cited Art 

The Examiner rejected claims 5, 6, 31, and 32 as obvious (33 U.S.C. 103) over Ananda in 
view of Komura (U.S. Patent No. 5,994,307). (Final Office Action, pgs. 9-10) Applicants 
traverse this rejection on the grounds that these claims depend from claims 1,16, and 27, which 
are patentable over the cited art for the reasons discussed above. Moreover, these claims provide 
additional grounds of patentability over the cited art for the reasons discussed below. 

First off, claims 5, 6, 31, and 32 are patentable over the cited art because they depend 
from claims 1 , 1 6, and 27, which are patentable over the cited art for the reasons discussed 
above. Further, these claims provide additional grounds of distinction over the cited art for the 
following reasons. 
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Claims 5 and 31 depend from claims 1 and 27, respectively, and further reou^* * 
component * -Prised of a *ne s«mp. T* — cited Komura as teachmg 
tos ^ c^ re,— (FW Offlce Action, pgs. 9-10)^™ 

aL* *e cited Komura does discuss a tune*™,, and Ananda menhons that a clock 
or Komura, alone or in combination, anywhere teach or surest that a message generated and 

Accordingly, claims 5 and 31 provide additions! grounds of patentable over the ctted 

art 

Claims 6 and 32 depend from claims 5 and 31 and further require mat the time stamp » 
inKrted a. an offset into the message. Tnese claims are patentable over the cited combmahon 
because theydepend from claims 5 and 31 , which are patemable over the cited art for the reason, 
discussed above, and because they provide further reouiremems on me tirnestamp, wluch >s not 

disclosed in the cited Ananda- 

Coaclusioti 

For all the above reasons, Applicant submits that the pending claims 1-40 ate patentable 
over the art of record. Applicants submit herewith the fee for a one-month extension of time. 
Nonetheless, should any additional fees be required, please charge Deposit Account No. 09-0466. 

The attorney of record invites the Examiner to contact rum at (310) 553-7977 if the 
Examiner believes such contact would advance the proseoatiotfof the. 



Dated: November 7. 2005 



Please direct all corresnonttences to : 
David Victor 

Konrad Rayn.es & Victor, LLP 
315 South Beverly Drive, Ste. 210 
Beverly Hills, CA 90212 
Tel: 310-553-7977 
Fax: 310-556-7984 




David W. Victor 
Registration No. 39,867 



Page 21 of 21 

PAGE 26/26 » RCVDAT 111712005 11:50:27 PM [Eastern Standard Time] • SVR:USPTO-EFX W DNIS:2738300 * CSID:3108397217 1 DURATION (mm-ss):08-00 



